Pub Date: 2014-04-24 | DOI: 10.1049/IET-IFS.2014.0543
Wentan Yi, Shaozhen Chen
The block cipher KASUMI is widely used for security in many synchronous wireless standards. It was proposed by ETSI SAGE for use in 3GPP (3rd Generation Partnership Project) ciphering algorithms in 2001. There is a great deal of cryptanalytic work on KASUMI; however, its security evaluation against the recent zero-correlation linear attacks is still lacking. In this paper, we select some special input masks to refine the general 5-round zero-correlation linear approximations, combine them with some observations on the $FL$ functions, and then propose a 6-round zero-correlation linear attack on KASUMI. Moreover, zero-correlation linear attacks on the last 7 rounds of KASUMI are also introduced under some weak-key conditions. These weak keys make up $2^{-14}$ of the whole key space. The new zero-correlation linear attack on 6 rounds needs about $2^{85}$ encryptions with $2^{62.8}$ known plaintexts. For the attack on the last 7 rounds under weak-key conditions, the data complexity is about $2^{62.1}$ known plaintexts and the time complexity $2^{110.5}$ encryptions.
Title: Multidimensional zero-correlation linear cryptanalysis of the block cipher KASUMI. Journal: IET Inf. Secur., pp. 215-221. https://doi.org/10.1049/IET-IFS.2014.0543
Pub Date: 2013-06-20 | DOI: 10.1049/iet-ifs.2012.0198
Yung-Wei Kao, Kuan-Ying Huang, Hui-Zhen Gu, S. Yuan
One of the most challenging problems in soliciting cloud service adoption is persuading users to trust the security of the cloud service and upload their sensitive data. Although cloud service providers can claim that their services are well protected by elaborate encryption mechanisms, traditional cloud systems still cannot persuade users that their data remain securely protected even if the cloud servers are compromised. This study proposes uCloud, a user-centric key management scheme for cloud data protection, to solve this problem. uCloud utilises RSA and indirectly encrypts users' data under users' public keys, but stores the users' private keys on neither servers nor users' PCs; instead, the private keys are stored on users' mobile devices and presented via two-dimensional (2D) barcode images when they are used to decrypt users' sensitive data. In this manner, users' data are safely protected even if the cloud servers are compromised. uCloud also gives users the experience of managing visible private keys by storing the keys on mobile phones and displaying them via 2D barcodes. Moreover, three scenarios (personal storage, home surveillance and enterprise storage) are presented to demonstrate the practicability of uCloud. In addition, a hierarchical structure is designed for basic key backup and data sharing in the proposed scheme.
Title: uCloud: a user-centric key management scheme for cloud data protection. Journal: IET Inf. Secur. https://doi.org/10.1049/iet-ifs.2012.0198
Pub Date: 2013-06-20 | DOI: 10.1049/iet-ifs.2012.0032
Salman Niksefat, B. Sadeghiyan, Payman Mohassel
In this study, the authors design efficient protocols for a number of 'oblivious decision program (DP) evaluation' problems. Consider a general form of the problem where a client who holds a private input interacts with a server who holds a private DP (e.g. a decision tree or a branching program), with the goal of evaluating the client's input on the DP without learning any additional information. Many known private database query problems, such as symmetric private information retrieval and private keyword search, can be formulated as special cases of this problem. Most of the existing work on this problem focuses on optimising communication. However, in some environments (as supported by a few experimental studies), it is the computation and not the communication that may be the performance bottleneck. In this study, we design 'computationally efficient' protocols for the above general problem and a few of its special cases. In addition to being one-round and requiring a small amount of work by the client (in the RAM model), the proposed protocols only require a small number of exponentiations (independent of the server's input) by both parties. The proposed constructions are, in essence, efficient and black-box reductions of the above problem to 1-out-of-2 oblivious transfer. It is proved that the proposed protocols are secure (private) against 'malicious' adversaries in the standard ideal/real-world simulation-based paradigm.
Title: Oblivious decision program evaluation. Journal: IET Inf. Secur. https://doi.org/10.1049/iet-ifs.2012.0032
Pub Date: 2013-06-01 | DOI: 10.1049/iet-ifs.2012.0169
Yongzhuang Wei, E. Pasalic
Substitution boxes (S-boxes) are the key components of conventional cryptographic systems. To quantify the confusion property of S-boxes, different non-linearity criteria have been proposed, such as the usual non-linearity ($NF$), unrestricted non-linearity ($UNF$), generalised non-linearity ($GNF$), higher-order non-linearity ($HNF$) and so on. Although these different criteria all come from the idea of linear (or non-linear) approximation of S-boxes, the algebraic structure of the Boolean functions used to approximate S-boxes has not been considered yet. In this study, the concept of the extended non-linearity of S-boxes (denoted by $ENF$) is introduced by measuring the distance of a given function to a subset of Maiorana–McFarland functions. This approximation is appealing because of a particular structure of this class of functions, namely their representation as a concatenation of affine functions. The complexity of computing the $r$th-order extended non-linearity for S-boxes over $GF(2)^n$ is less than $O\left(\binom{n}{r} 2^{n-r}\right)$, $(r > 1)$. Moreover, a theoretical upper bound on the $r$th-order extended non-linearity is proved, which is much lower than the previous generalised non-linearity bound and might give rise to more efficient attacks that combine a generalised correlation approach with guess-and-determine techniques. Furthermore, the relationship between the $r$th-order extended non-linearity and the generalised non-linearity is derived.
Title: On the approximation of S-boxes via Maiorana-McFarland functions. Journal: IET Inf. Secur. https://doi.org/10.1049/iet-ifs.2012.0169
Palindromic representation is generally used to reduce the space and time complexities of a Gaussian normal basis (GNB) multiplier with even type $t$. However, palindromic representation is inapplicable to a GNB multiplier with odd type $t$ ($t \geq 2$). This study therefore develops a palindromic-like representation for a GNB multiplier with odd type $t$. The proposed systolic GNB multiplier with odd type $t$ reduces space and time complexities by as much as 50% compared with a conventional GNB multiplier with odd type $t$ without palindromic representation.
Title: Palindromic-like representation for Gaussian normal basis multiplier over GF(2^m) with odd type t. Authors: C. Chiou, Tai-Pao Chuang, Shun-Shii Lin, Chiou-Yng Lee, Jim-Min Lin, Yun-Chi Yeh. Pub Date: 2012-12-01 | DOI: 10.1049/iet-ifs.2012.0200. Journal: IET Inf. Secur., pp. 318-323. https://doi.org/10.1049/iet-ifs.2012.0200
Pub Date: 2012-12-01 | DOI: 10.1049/iet-ifs.2012.0144
Mahdi R. Alaghband, M. Aref
Many applications that utilise wireless sensor networks (WSNs) essentially require secure communication. However, WSNs suffer from some inherent weaknesses because of restricted communication and hardware capabilities. Key management is the crucial building block for all security goals in WSNs. Most existing research assigns keys assuming a homogeneous network architecture. Recently, a few key management models for heterogeneous WSNs have been proposed. In this study, the authors propose a dynamic key management framework based on elliptic curve cryptography and a signcryption method for heterogeneous WSNs. The proposed scheme supports network scalability and sensor node (SN) mobility, especially in liquid environments. Moreover, both periodic authentication and a new registration mechanism are proposed to prevent SN compromise. The authors analyse some of the more seminal hierarchical heterogeneous WSN key management schemes and compare them with the proposed scheme; in that comparison, the proposed framework proves better in terms of communication, computation and key storage.
Title: Dynamic and secure key management model for hierarchical heterogeneous sensor networks. Journal: IET Inf. Secur., pp. 271-280. https://doi.org/10.1049/iet-ifs.2012.0144
Pub Date: 2012-12-01 | DOI: 10.1049/iet-ifs.2011.0201
Kun Peng
The existing publicly verifiable secret sharing (PVSS) schemes are surveyed critically in this study. The authors show that they are not as reliable and efficient as they claim or appear: they are limited by assumptions and conditions, vulnerable in important target properties, and more costly in practice. In this study, their actual performance and cost are fairly measured and their drawbacks are pointed out.
Title: Critical survey of existing publicly verifiable secret sharing schemes. Journal: IET Inf. Secur., pp. 249-257. https://doi.org/10.1049/iet-ifs.2011.0201
Pub Date: 2012-12-01 | DOI: 10.1049/iet-ifs.2012.0110
C. Chiou, H. Chang, Wen-Yew Liang, Chiou-Yng Lee, Jim-Min Lin, Yun-Chi Yeh
The elliptic curve cryptosystem (ECC) is very attractive for use in portable devices because of its small key size. Finite field multiplication over $GF(2^m)$ is the most important arithmetic operation for performing ECC. Portable devices usually have restricted computation power and memory resources. This work presents a simple method for designing a Gaussian normal basis (GNB) multiplier over $GF(2^m)$ that needs less computation power while keeping cost low. The proposed Gaussian NB multiplier saves approximately 57% space complexity compared with the existing GNB multiplier.
Title: Low-complexity Gaussian normal basis multiplier over GF(2^m). Journal: IET Inf. Secur., pp. 310-317. https://doi.org/10.1049/iet-ifs.2012.0110
Pub Date: 2012-12-01 | DOI: 10.1049/iet-ifs.2011.0103
P. Bhattacharya, S. K. Ghosh
The attack graph is a popular tool for modelling multi-staged, correlated attacks on computer networks. Attack graphs have been widely used for measuring network security risks. The majority of works on attack graphs use host-based or state-based approaches. These attack graph models are either too restrictive or too resource-consuming. Also, a significant portion of these works have used the ‘probability of successfully exploiting a network’ as the metric. This approach requires that the ‘probability of successfully exploiting individual vulnerabilities’ be known a priori. Finding such probabilities is inherently difficult. The present study uses the exploit dependency graph, which is a space-efficient and expressive attack graph model. It also associates an additive cost with executing individual exploits, and defines a security metric in terms of the ‘minimum cost required to successfully exploit the network’. The problem of calculating this metric is proved to be NP-complete. A modified depth-first branch-and-bound algorithm is described for calculating it. This study also formulates a linear-time-computable security metric in terms of the ‘expected cost required to successfully exploit the network’, assuming a random attacker model and an uncorrelated attack graph.
Title: Analytical framework for measuring network security using exploit dependency graph. Journal: IET Inf. Secur., pp. 264-270. https://doi.org/10.1049/iet-ifs.2011.0103
Pub Date: 2012-12-01 | DOI: 10.1049/iet-ifs.2012.0210
Jenq-Haur Wang, H. Chang, C. Chiou, Wen-Yew Liang
Information security today depends heavily on cryptosystems such as the Rivest-Shamir-Adleman (RSA) algorithm and the elliptic curve cryptosystem (ECC). RSA can provide a higher security level than ECC, but it is not suitable for resource-constrained devices such as smart phones or embedded systems. Thus, ECC is attractive for application in resource-constrained devices because it can achieve the same security level with a shorter key length than RSA. Galois (finite) field multiplication is the core arithmetic operation of ECC. There are three popular bases in the finite field $GF(2^m)$: polynomial basis, normal basis and dual basis (DB). Each basis representation has its own advantages. In this study, the authors introduce a low-complexity bit-parallel DB multiplier using the multiplexer approach. Compared with the related work, our design saves up to 60% of space complexity.
Title: Low-complexity design of bit-parallel dual-basis multiplier over GF(2^m). Journal: IET Inf. Secur., pp. 324-328. https://doi.org/10.1049/iet-ifs.2012.0210